Revert "vsftpd: add new package"

wrong patch picked up from patchwork This reverts commit f89d930201.
2026-06-11 16:59:59 +00:00 · 2012-02-22 12:22:49 +01:00
parent f89d930201
commit a09b3ed3e1
13 changed files with 0 additions and 733 deletions
@@ -1,18 +0,0 @@
 Author: Daniel Jacobowitz <dan@debian.org>
 Description: Build with tcpwrapper and SSL support.
 diff -Naurp vsftpd.orig/builddefs.h vsftpd/builddefs.h
 --- vsftpd.orig/builddefs.h	2009-01-31 00:02:36.000000000 +0000
 +++ vsftpd/builddefs.h	2009-01-31 00:26:34.000000000 +0000
@@ -1,9 +1,9 @@
 #ifndef VSF_BUILDDEFS_H
 #define VSF_BUILDDEFS_H
 -#undef VSF_BUILD_TCPWRAPPERS
 +#define VSF_BUILD_TCPWRAPPERS 1
 #define VSF_BUILD_PAM
 -#undef VSF_BUILD_SSL
 +#define VSF_BUILD_SSL
 #endif /* VSF_BUILDDEFS_H */
@@ -1,120 +0,0 @@
 Author: Daniel Jacobowitz <dan@debian.org>
 Description: Set default configuration.
 diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
 --- vsftpd.orig/tunables.c	2009-07-15 22:08:27.000000000 +0200
 +++ vsftpd/tunables.c	2009-11-06 13:33:34.000000000 +0100
@@ -246,7 +246,7 @@ tunables_load_defaults()
   /* -rw------- */
   tunable_chown_upload_mode = 0600;
 -  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
 +  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
   install_str_setting("ftp", &tunable_ftp_username);
   install_str_setting("root", &tunable_chown_username);
   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
@@ -256,7 +256,7 @@ tunables_load_defaults()
   install_str_setting(0, &tunable_ftpd_banner);
   install_str_setting("/etc/vsftpd.banned_emails", &tunable_banned_email_file);
   install_str_setting("/etc/vsftpd.chroot_list", &tunable_chroot_list_file);
 -  install_str_setting("ftp", &tunable_pam_service_name);
 +  install_str_setting("vsftpd", &tunable_pam_service_name);
   install_str_setting("ftp", &tunable_guest_username);
   install_str_setting("/etc/vsftpd.user_list", &tunable_userlist_file);
   install_str_setting(0, &tunable_anon_root);
 diff -Naurp vsftpd.orig/vsftpd.conf vsftpd/vsftpd.conf
 --- vsftpd.orig/vsftpd.conf	2009-11-06 08:41:11.000000000 +0100
 +++ vsftpd/vsftpd.conf	2009-11-06 13:35:37.000000000 +0100
@@ -8,6 +8,17 @@
 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
 # capabilities.
 #
 +#
 +# Run standalone?  vsftpd can run either from an inetd or as a standalone
 +# daemon started from an initscript.
 +listen=YES
 +#
 +# Run standalone with IPv6?
 +# Like the listen parameter, except vsftpd will listen on an IPv6 socket
 +# instead of an IPv4 one. This parameter and the listen parameter are mutually
 +# exclusive.
 +#listen_ipv6=YES
 +#
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 anonymous_enable=YES
 #
@@ -34,6 +45,12 @@ anonymous_enable=YES
 # go into a certain directory.
 dirmessage_enable=YES
 #
 +# If enabled, vsftpd will display directory listings with the time
 +# in  your  local  time  zone.  The default is to display GMT. The
 +# times returned by the MDTM FTP command are also affected by this
 +# option.
 +use_localtime=YES
 +#
 # Activate logging of uploads/downloads.
 xferlog_enable=YES
 #
@@ -89,6 +106,11 @@ connect_from_port_20=YES
 # (default follows)
 #banned_email_file=/etc/vsftpd.banned_emails
 #
 +# You may restrict local users to their home directories.  See the FAQ for
 +# the possible risks in this before using chroot_local_user or
 +# chroot_list_enable below.
 +#chroot_local_user=YES
 +#
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
@@ -103,12 +125,20 @@ connect_from_port_20=YES
 # the presence of the "-R" option, so there is a strong case for enabling it.
 #ls_recurse_enable=YES
 #
 -# When "listen" directive is enabled, vsftpd runs in standalone mode and
 -# listens on IPv4 sockets. This directive cannot be used in conjunction
 -# with the listen_ipv6 directive.
 -listen=YES
 +# Customization
 #
 -# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
 -# sockets, you must run two copies of vsftpd with two configuration files.
 -# Make sure, that one of the listen options is commented !!
 -#listen_ipv6=YES
 +# Some of vsftpd's settings don't fit the filesystem layout by
 +# default.
 +#
 +# This option should be the name of a directory which is empty.  Also, the
 +# directory should not be writable by the ftp user. This directory is used
 +# as a secure chroot() jail at times vsftpd does not require filesystem
 +# access.
 +secure_chroot_dir=/var/run/vsftpd/empty
 +#
 +# This string is the name of the PAM service vsftpd will use.
 +pam_service_name=vsftpd
 +#
 +# This option specifies the location of the RSA certificate to use for SSL
 +# encrypted connections.
 +rsa_cert_file=/etc/ssl/private/vsftpd.pem
 diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
 --- vsftpd.orig/vsftpd.conf.5	2009-11-06 08:41:11.000000000 +0100
 +++ vsftpd/vsftpd.conf.5	2009-11-06 13:37:10.000000000 +0100
@@ -940,7 +940,7 @@ Default: nobody
 .B pam_service_name
 This string is the name of the PAM service vsftpd will use.
 -Default: ftp
 +Default: vsftpd
 .TP
 .B pasv_address
 Use this option to override the IP address that vsftpd will advertise in
@@ -969,7 +969,7 @@ This option should be the name of a dire
 directory should not be writable by the ftp user. This directory is used
 as a secure chroot() jail at times vsftpd does not require filesystem access.
 -Default: /usr/share/empty
 +Default: /var/run/vsftpd/empty
 .TP
 .B ssl_ciphers
 This option can be used to select which SSL ciphers vsftpd will allow for
@@ -1,19 +0,0 @@
 Author: shaul Karl <shaulkarl@yahoo.com>
 Description:
 A short explanation how to find out the right db version (Closes: #478282).
 diff -Naurp vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README vsftpd/EXAMPLE/VIRTUAL_USERS/README
 --- vsftpd.orig/EXAMPLE/VIRTUAL_USERS/README	2009-01-31 00:02:36.000000000 +0000
 +++ vsftpd/EXAMPLE/VIRTUAL_USERS/README	2009-01-31 01:38:11.000000000 +0000
@@ -21,7 +21,10 @@ NOTE: Many systems have multiple version
 need to use e.g. db3_load for correct operation. This is known to affect
 some Debian systems. The core issue is that pam_userdb expects its login
 database to be a specific db version (often db3, whereas db4 may be installed
 -on your system).
 +on your system). You might check ahead what specific db version you'll need
 +by looking at the dependcies of the pam module. Some methods to do that is to
 +run ldd on the pam_userdb.so or look at the dependencies of the package with
 +the pam modules.
 This will create /etc/vsftpd_login.db. Obviously, you may want to make sure
 the permissions are restricted:
@@ -1,91 +0,0 @@
 Author: Michael Stapelberg <michael@stapelberg.de>
 Description:
 vsftpd does not accept IPv6 scope identifier in listen_address6
 (Closes: #544993).
 .
 When specifying a link-local address, you need a scope identifier (tha name of
 the index usually), thus you cannot use the following:
 listen_address6=fe80::21f:16ff:fe06:3aab
 but you have to use:
 listen_address6=fe80::21f:16ff:fe06:3aab%eth0
 so that it is clear on which interface this link-local address should be used.
 .
 Unfortunately, vsftpd does not correctly parse the address mentioned above and
 thus fails to be useful in link-local-only environments.
 .
 This patch fixes it.
 diff -Naurp vsftpd.orig/standalone.c vsftpd/standalone.c
 --- vsftpd.orig/standalone.c	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/standalone.c	2009-10-17 17:10:02.000000000 +0200
@@ -7,6 +7,8 @@
  * Code to listen on the network and launch children servants.
  */
 +#include <net/if.h>
 +
 #include "standalone.h"
 #include "parseconf.h"
@@ -111,8 +113,17 @@ vsf_standalone_main(void)
     else
     {
       struct mystr addr_str = INIT_MYSTR;
 +      struct mystr scope_id = INIT_MYSTR;
       const unsigned char* p_raw_addr;
 +      unsigned int if_index = 0;
 +
 +      /* See if we got a scope id */
       str_alloc_text(&addr_str, tunable_listen_address6);
 +      str_split_char(&addr_str, &scope_id, '%');
 +      if (str_getlen(&scope_id) > 0) {
 +        if_index = if_nametoindex(str_getbuf(&scope_id));
 +        str_free(&scope_id);
 +      }
       p_raw_addr = vsf_sysutil_parse_ipv6(&addr_str);
       str_free(&addr_str);
       if (!p_raw_addr)
@@ -120,6 +131,7 @@ vsf_standalone_main(void)
         die2("bad listen_address6: ", tunable_listen_address6);
       }
       vsf_sysutil_sockaddr_set_ipv6addr(p_sockaddr, p_raw_addr);
 +      vsf_sysutil_sockaddr_set_ipv6scope(p_sockaddr, if_index);
     }
     retval = vsf_sysutil_bind(listen_sock, p_sockaddr);
     vsf_sysutil_free(p_sockaddr);
 diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
 --- vsftpd.orig/sysutil.c	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/sysutil.c	2009-10-17 17:10:02.000000000 +0200
@@ -2039,6 +2039,19 @@ vsf_sysutil_sockaddr_set_ipv6addr(struct
   }
 }
 +int
 +vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr)
 +{
 +  return p_sockptr->u.u_sockaddr_in6.sin6_scope_id;
 +}
 +
 +void
 +vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
 +                                  const int scope_id)
 +{
 +  p_sockptr->u.u_sockaddr_in6.sin6_scope_id = scope_id;
 +}
 +
 const void*
 vsf_sysutil_sockaddr_ipv6_v4(const struct vsf_sysutil_sockaddr* p_addr)
 {
 diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
 --- vsftpd.orig/sysutil.h	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/sysutil.h	2009-10-17 17:10:02.000000000 +0200
@@ -228,6 +228,9 @@ void vsf_sysutil_sockaddr_set_ipv4addr(s
                                        const unsigned char* p_raw);
 void vsf_sysutil_sockaddr_set_ipv6addr(struct vsf_sysutil_sockaddr* p_sockptr,
                                        const unsigned char* p_raw);
 +void vsf_sysutil_sockaddr_set_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr,
 +                                      const int scope_id);
 +int vsf_sysutil_sockaddr_get_ipv6scope(struct vsf_sysutil_sockaddr* p_sockptr);
 void vsf_sysutil_sockaddr_set_any(struct vsf_sysutil_sockaddr* p_sockaddr);
 unsigned short vsf_sysutil_sockaddr_get_port(
     const struct vsf_sysutil_sockaddr* p_sockptr);
@@ -1,81 +0,0 @@
 Author: Jiri Skala <jskala@redhat.com>
 Description: trim white spaces from option values (Closes: #419857, #536803).
 diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
 --- vsftpd.orig/parseconf.c	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/parseconf.c	2009-10-18 11:28:31.000000000 +0200
@@ -275,7 +275,7 @@ vsf_parseconf_load_setting(const char* p
         }
         else
         {
 -          *p_curr_setting = str_strdup(&s_value_str);
 +          *p_curr_setting = str_strdup_trimmed(&s_value_str);
         }
         return;
       }
 diff -Naurp vsftpd.orig/str.c vsftpd/str.c
 --- vsftpd.orig/str.c	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/str.c	2009-10-18 11:28:31.000000000 +0200
@@ -89,6 +89,18 @@ str_strdup(const struct mystr* p_str)
   return vsf_sysutil_strdup(str_getbuf(p_str));
 }
 +const char*
 +str_strdup_trimmed(const struct mystr* p_str)
 +{
 +  const char* p_trimmed = str_getbuf(p_str);
 +  int h, t, newlen;
 +
 +  for (h = 0; h < (int)str_getlen(p_str) && vsf_sysutil_isspace(p_trimmed[h]); h++) ;
 +  for (t = str_getlen(p_str) - 1; t >= 0 && vsf_sysutil_isspace(p_trimmed[t]); t--) ;
 +  newlen = t - h + 1;
 +  return newlen ? vsf_sysutil_strndup(p_trimmed+h, (unsigned int)newlen) : 0L;
 +}
 +
 void
 str_alloc_alt_term(struct mystr* p_str, const char* p_src, char term)
 {
 diff -Naurp vsftpd.orig/str.h vsftpd/str.h
 --- vsftpd.orig/str.h	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/str.h	2009-10-18 11:28:31.000000000 +0200
@@ -31,6 +31,7 @@ void str_alloc_ulong(struct mystr* p_str
 void str_alloc_filesize_t(struct mystr* p_str, filesize_t the_filesize);
 void str_copy(struct mystr* p_dest, const struct mystr* p_src);
 const char* str_strdup(const struct mystr* p_str);
 +const char* str_strdup_trimmed(const struct mystr* p_str);
 void str_empty(struct mystr* p_str);
 void str_free(struct mystr* p_str);
 void str_trunc(struct mystr* p_str, unsigned int trunc_len);
 diff -Naurp vsftpd.orig/sysutil.c vsftpd/sysutil.c
 --- vsftpd.orig/sysutil.c	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/sysutil.c	2009-10-18 11:28:31.000000000 +0200
@@ -1033,6 +1033,18 @@ vsf_sysutil_strdup(const char* p_str)
   return strdup(p_str);
 }
 +char*
 +vsf_sysutil_strndup(const char* p_str, unsigned int p_len)
 +{
 +  char *new = (char *)malloc(p_len+1);
 +
 +  if (new == NULL)
 +    return NULL;
 +
 +  new[p_len]='\0';
 +  return (char *)memcpy(new, p_str, p_len);
 +}
 +
 void
 vsf_sysutil_memclr(void* p_dest, unsigned int size)
 {
 diff -Naurp vsftpd.orig/sysutil.h vsftpd/sysutil.h
 --- vsftpd.orig/sysutil.h	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/sysutil.h	2009-10-18 11:28:31.000000000 +0200
@@ -186,6 +186,7 @@ int vsf_sysutil_wait_get_exitcode(
 /* Various string functions */
 unsigned int vsf_sysutil_strlen(const char* p_text);
 char* vsf_sysutil_strdup(const char* p_str);
 +char* vsf_sysutil_strndup(const char* p_str, unsigned int p_len);
 void vsf_sysutil_memclr(void* p_dest, unsigned int size);
 void vsf_sysutil_memcpy(void* p_dest, const void* p_src,
                         const unsigned int size);
@@ -1,32 +0,0 @@
 Author: Martin Nagy <mnagy@redhat.com>
 Description: Fix file listing issue with wildcard (Bugzilla: #392181).
 diff -Naurp vsftpd.orig/ls.c vsftpd/ls.c
 --- vsftpd.orig/ls.c	2009-10-02 14:15:18.000000000 +0200
 +++ vsftpd/ls.c	2009-10-18 11:48:29.000000000 +0200
@@ -281,6 +281,25 @@ vsf_filename_passes_filter(const struct 
       {
         goto out;
       }
 +      if (!must_match_at_current_pos)
 +      {
 +        struct mystr scan_fwd = INIT_MYSTR;
 +
 +        str_mid_to_end(&name_remain_str, &scan_fwd,
 +                        indexx + str_getlen(&s_match_needed_str));
 +        /* We're allowed to be greedy, test if it match further along
 +         * keep advancing indexx while we can still match.
 +         */
 +        while( (locate_result = str_locate_str(&scan_fwd, &s_match_needed_str)),
 +            locate_result.found )
 +        {
 +          indexx += locate_result.index + str_getlen(&s_match_needed_str);
 +          str_mid_to_end(&scan_fwd, &temp_str,
 +                         locate_result.index + str_getlen(&s_match_needed_str));
 +          str_copy(&scan_fwd, &temp_str);
 +        }
 +       str_free(&scan_fwd);
 +      }
       /* Chop matched string out of remainder */
       str_mid_to_end(&name_remain_str, &temp_str,
                      indexx + str_getlen(&s_match_needed_str));
@@ -1,58 +0,0 @@
 Author: Chuck Short <zulcss@ubuntu.com>
 Description: Adding support for UTF8.
 diff -Naurp vsftpd.orig/features.c vsftpd/features.c
 --- vsftpd.orig/features.c	2008-12-04 06:00:47.000000000 +0000
 +++ vsftpd/features.c	2010-02-25 13:28:06.000000000 +0000
@@ -21,6 +21,10 @@ handle_feat(struct vsf_session* p_sess)
     vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
     vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
   }
 +  if (tunable_utf8_filesystem)
 +  {
 +     vsf_cmdio_write_raw(p_sess, " UTF8\r\n");
 +  }
   if (tunable_port_enable)
   {
     vsf_cmdio_write_raw(p_sess, " EPRT\r\n");
 diff -Naurp vsftpd.orig/parseconf.c vsftpd/parseconf.c
 --- vsftpd.orig/parseconf.c	2009-08-07 18:46:40.000000000 +0000
 +++ vsftpd/parseconf.c	2010-02-25 13:28:06.000000000 +0000
@@ -28,6 +28,7 @@ static struct parseconf_bool_setting
 parseconf_bool_array[] =
 {
   { "anonymous_enable", &tunable_anonymous_enable },
 +  { "utf8_filesystem", &tunable_utf8_filesystem },
   { "local_enable", &tunable_local_enable },
   { "pasv_enable", &tunable_pasv_enable },
   { "port_enable", &tunable_port_enable },
 diff -Naurp vsftpd.orig/tunables.c vsftpd/tunables.c
 --- vsftpd.orig/tunables.c	2009-07-15 20:08:27.000000000 +0000
 +++ vsftpd/tunables.c	2010-02-25 13:28:06.000000000 +0000
@@ -10,6 +10,7 @@
 int tunable_anonymous_enable;
 int tunable_local_enable;
 +int tunable_utf8_filesystem;
 int tunable_pasv_enable;
 int tunable_port_enable;
 int tunable_chroot_local_user;
@@ -146,6 +147,7 @@ tunables_load_defaults()
 {
   tunable_anonymous_enable = 1;
   tunable_local_enable = 0;
 +  tunable_utf8_filesystem = 0;
   tunable_pasv_enable = 1;
   tunable_port_enable = 1;
   tunable_chroot_local_user = 0;
 diff -Naurp vsftpd.orig/tunables.h vsftpd/tunables.h
 --- vsftpd.orig/tunables.h	2009-07-07 01:37:28.000000000 +0000
 +++ vsftpd/tunables.h	2010-02-25 13:28:06.000000000 +0000
@@ -11,6 +11,7 @@ void tunables_load_defaults();
 /* Booleans */
 extern int tunable_anonymous_enable;          /* Allow anon logins */
 extern int tunable_local_enable;              /* Allow local logins */
 +extern int tunable_utf8_filesystem;           /* Server uses UTF8 Filesystem */
 extern int tunable_pasv_enable;               /* Allow PASV */
 extern int tunable_port_enable;               /* Allow PORT */
 extern int tunable_chroot_local_user;         /* Restrict local to home dir */
@@ -1,23 +0,0 @@
 Author: Daniel Baumann <daniel.baumann@progress-technologies.net>
 Description: Fixing manpage formating.
 diff -Naurp vsftpd.orig/vsftpd.8 vsftpd/vsftpd.8
 --- vsftpd.orig/vsftpd.8	2009-07-17 20:56:23.000000000 +0000
 +++ vsftpd/vsftpd.8	2010-04-08 05:18:00.000000000 +0000
@@ -57,4 +57,3 @@ setting and any identical setting that w
 .Pa /etc/vsftpd.conf
 .Sh SEE ALSO
 .Xr vsftpd.conf 5
 -.end
 diff -Naurp vsftpd.orig/vsftpd.conf.5 vsftpd/vsftpd.conf.5
 --- vsftpd.orig/vsftpd.conf.5	2009-10-19 02:46:30.000000000 +0000
 +++ vsftpd/vsftpd.conf.5	2010-04-08 05:18:08.000000000 +0000
@@ -404,7 +404,7 @@ reuse (which proves that they know the s
 channel). Although this is a secure default, it may break many FTP clients,
 so you may want to disable it. For a discussion of the consequences, see
 http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
 -(Added in v2.1.0).
 + (Added in v2.1.0).
 Default: YES
 .TP
@@ -1,15 +0,0 @@
 Author: Philipp Kern <pkern@debian.org>
 Description: Fix vsftpd on s390 (Closes: #602726).
 diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
 --- vsftpd.orig/sysdeputil.c	2011-09-05 16:03:18.728857644 +0200
 +++ vsftpd/sysdeputil.c	2011-09-05 16:05:12.909423834 +0200
@@ -64,7 +64,7 @@
 #include <utmpx.h>
 /* BEGIN config */
 -#if defined(__linux__)
 +#if defined(__linux__) && !defined(__s390__)
   #include <errno.h>
   #include <syscall.h>
   #define VSF_SYSDEP_HAVE_LINUX_CLONE
@@ -1,69 +0,0 @@
 Author: Ben Hutchings <ben@decadent.org.uk>
 Description: Remote DoS on Linux 2.6.32 (Closes: #629373).
 diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
 --- vsftpd.orig/sysdeputil.c	2010-03-26 04:25:33.000000000 +0100
 +++ vsftpd/sysdeputil.c	2011-09-05 15:16:05.347070790 +0200
@@ -25,6 +25,11 @@
   #define _LARGEFILE64_SOURCE 1
 #endif
 +#ifdef __linux__
 +  #include <stdio.h>
 +  #include <sys/utsname.h>
 +#endif
 +
 /* For INT_MAX */
 #include <limits.h>
@@ -1259,11 +1264,36 @@ vsf_set_term_if_parent_dies()
 #endif
 }
 +#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
 +/* On Linux versions <2.6.35, netns cleanup may be so slow that
 + * creating a netns per connection allows a remote denial-of-service.
 + * We therefore do not use CLONE_NEWNET on these versions.
 + */
 +static int
 +vsf_sysutil_netns_cleanup_is_fast(void)
 +{
 +#ifdef __linux__
 +  struct utsname utsname;
 +  int r1, r2, r3 = 0;
 +  return (uname(&utsname) == 0 &&
 +	  sscanf(utsname.release, "%d.%d.%d", &r1, &r2, &r3) >= 2 &&
 +	  ((r1 << 16) | (r2 << 8) | r3) >= ((2 << 16) | (6 << 8) | 35));
 +#else
 +  /* Assume any other kernel that has the feature don't have this problem */
 +  return 1;
 +#endif
 +}
 +#endif
 +
 int
 vsf_sysutil_fork_isolate_all_failok()
 {
 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
 -  static int cloneflags_work = 1;
 +  static int cloneflags_work = -1;
 +  if (cloneflags_work < 0)
 +  {
 +    cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
 +  }
   if (cloneflags_work)
   {
     int ret = syscall(__NR_clone,
@@ -1309,7 +1339,11 @@ int
 vsf_sysutil_fork_newnet()
 {
 #ifdef VSF_SYSDEP_HAVE_LINUX_CLONE
 -  static int cloneflags_work = 1;
 +  static int cloneflags_work = -1;
 +  if (cloneflags_work < 0)
 +  {
 +    cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();
 +  }
   if (cloneflags_work)
   {
     int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);
@@ -1,105 +0,0 @@
 # Opendreambox /etc/vsftpd.conf
 #
 # Please see vsftpd.conf.5 for all compiled in defaults.
 #
 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
 # capabilities.
 #
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 anonymous_enable=NO
 #
 # Uncomment this to allow local users to log in.
 local_enable=YES
 #
 # Uncomment this to enable any form of FTP write command.
 write_enable=YES
 #
 # Default umask for local users is 077. You may wish to change this to 022,
 # if your users expect that (022 is used by most other ftpd's)
 #local_umask=022
 #
 # Uncomment this to allow the anonymous FTP user to upload files. This only
 # has an effect if the above global write enable is activated. Also, you will
 # obviously need to create a directory writable by the FTP user.
 #anon_upload_enable=YES
 #
 # Uncomment this if you want the anonymous FTP user to be able to create
 # new directories.
 #anon_mkdir_write_enable=YES
 #
 # Activate directory messages - messages given to remote users when they
 # go into a certain directory.
 dirmessage_enable=YES
 #
 # Activate logging of uploads/downloads.
 #xferlog_enable=YES
 #
 # Make sure PORT transfer connections originate from port 20 (ftp-data).
 connect_from_port_20=YES
 #
 # If you want, you can arrange for uploaded anonymous files to be owned by
 # a different user. Note! Using "root" for uploaded files is not
 # recommended!
 #chown_uploads=YES
 #chown_username=whoever
 #
 # You may override where the log file goes if you like. The default is shown
 # below.
 #xferlog_file=/var/log/vsftpd.log
 #
 # If you want, you can have your log file in standard ftpd xferlog format
 #xferlog_std_format=YES
 #
 # You may change the default value for timing out an idle session.
 #idle_session_timeout=600
 #
 # You may change the default value for timing out a data connection.
 #data_connection_timeout=120
 #
 # It is recommended that you define on your system a unique user which the
 # ftp server can use as a totally isolated and unprivileged user.
 #nopriv_user=ftpsecure
 #
 # Enable this and the server will recognise asynchronous ABOR requests. Not
 # recommended for security (the code is non-trivial). Not enabling it,
 # however, may confuse older FTP clients.
 async_abor_enable=YES
 #
 # By default the server will pretend to allow ASCII mode but in fact ignore
 # the request. Turn on the below options to have the server actually do ASCII
 # mangling on files when in ASCII mode.
 # Beware that turning on ascii_download_enable enables malicious remote parties
 # to consume your I/O resources, by issuing the command "SIZE /big/file" in
 # ASCII mode.
 # These ASCII options are split into upload and download because you may wish
 # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
 # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
 # on the client anyway..
 #ascii_upload_enable=YES
 #ascii_download_enable=YES
 #
 # You may fully customise the login banner string:
 ftpd_banner=Welcome to the OpenDreambox FTP service.
 #
 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
 # useful for combatting certain DoS attacks.
 #deny_email_enable=YES
 # (default follows)
 #banned_email_file=/etc/vsftpd.banned_emails
 #
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
 #chroot_list_enable=YES
 # (default follows)
 #chroot_list_file=/etc/vsftpd.chroot_list
 #
 # You may activate the "-R" option to the builtin ls. This is disabled by
 # default to avoid remote users being able to cause excessive I/O on large
 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
 # the presence of the "-R" option, so there is a strong case for enabling it.
 ls_recurse_enable=YES
 #
 secure_chroot_dir=/dev/shm
 local_root=/
@@ -1,7 +0,0 @@
 service ftp
 {
 	socket_type = stream
 	user = root
 	server = @SBINDIR@/vsftpd
 	wait = no
 }
@@ -1,95 +0,0 @@
 DESCRIPTION = "lightweight, efficient FTP server written for security"
 HOMEPAGE = "https://security.appspot.com/vsftpd.html"
 SECTION = "console/network"
 LICENSE = "GPL-2.0-with-OpenSSL-exception"
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
 DEPENDS = "libcap openssl"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 SRC_URI = " \
        https://security.appspot.com/downloads/${BP}.tar.gz \
        file://vsftpd.xinetd.in \
        file://01-builddefs.patch \
        file://02-config.patch \
        file://03-db-doc.patch \
        file://04-link-local.patch \
        file://05-whitespaces.patch \
        file://06-greedy.patch \
        file://07-utf8.patch \
        file://08-manpage.patch \
        file://09-s390.patch \
        file://10-remote-dos.patch \
 "
 SRC_URI[md5sum] = "01398a5bef8e85b6cf2c213a4b011eca"
 SRC_URI[sha256sum] = "d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1"
 S = "${WORKDIR}/${BP}"
 inherit useradd
 CFLAGS = "${TARGET_CFLAGS}"
 CFLAGS += "-DVSF_BUILD_SSL=1"
 CFLAGS += "${@base_contains('DISTRO_FEATURES', 'pam', '-DVSF_BUILD_PAM=1', '', d)}"
 LIBS = "-lcap -lcrypt -lssl -lcrypto"
 LIBS += "${@base_contains('DISTRO_FEATURES', 'pam', '-lpam', '', d)}"
 LINK = "${TARGET_LDFLAGS}"
 SECURE_CHROOT_DIR = "${datadir}/${BPN}/chroot"
 RSA_CERT_FILE = "${sysconfdir}/ssl/private/${BPN}.pem"
 do_configure() {
        rm -f builddefs.h
        touch builddefs.h
        set_default() {
                NAME=$1
                VALUE=$2
                sed -e "s,^#\?${NAME}=.*,${NAME}=${VALUE}," -i vsftpd.conf
        }
        set_default listen NO
        set_default listen_ipv6 NO
        set_default anonymous_enable NO
        set_default local_enable YES
        set_default write_enable YES
        set_default anon_upload_enable NO
        set_default anon_mkdir_write_enable NO
        set_default dirmessage_enable NO
        set_default use_localtime YES
        set_default xferlog_enable NO
        set_default connect_from_port_20 YES
        set_default chown_uploads NO
        set_default nopriv_user vsftpd
        set_default async_abor_enable YES
        set_default ascii_upload_enable NO
        set_default ascii_download_enable NO
        set_default ftpd_banner "Welcome to the ${DISTRO_NAME} FTP service!"
        set_default chroot_local_user NO
        set_default chroot_list_enable NO
        set_default ls_recurse_enable YES
        set_default secure_chroot_dir "${SECURE_CHROOT_DIR}"
        set_default rsa_cert_file "${RSA_CERT_FILE}"
 	sed -e 's,@SBINDIR@,${sbindir},' ${WORKDIR}/vsftpd.xinetd.in > vsftpd.xinetd
 }
 do_compile() {
        oe_runmake 'CFLAGS=${CFLAGS}' 'LIBS=${LIBS}' 'LINK=${LINK}'
 }
 do_install() {
        install -d ${D}${sysconfdir}
        install -m 644 vsftpd.conf ${D}${sysconfdir}
        install -d ${D}${sbindir}
        install -m 755 vsftpd ${D}${sbindir}/vsftpd
        install -d ${D}${mandir}/man8
        install -m 644 vsftpd.8 ${D}${mandir}/man8/vsftpd.8
        install -d ${D}${mandir}/man5
        install -m 644 vsftpd.conf.5 ${D}${mandir}/man5/vsftpd.conf.5
        install -d ${D}${sysconfdir}/xinetd.d
        install -m 644 vsftpd.xinetd ${D}${sysconfdir}/xinetd.d/vsftpd
        install -d ${D}${SECURE_CHROOT_DIR}
 }
 RDEPENDS_${PN} = "xinetd"
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--home-dir ${SECURE_CHROOT_DIR} --no-create-home --system --shell /bin/false --user-group vsftpd"